Critical Vulnerabilities Expose ​​Weintek HMIs to Attacks

The US cybersecurity agency, CISA, has warned organizations about critical vulnerabilities found in a human-machine interface (HMI) product made by Weintek, a Taiwan-based company. The impacted product is used globally, including in critical manufacturing organizations. Industrial cybersecurity firm TXOne Networks discovered three vulnerabilities that could allow anonymous users to bypass authentication and execute arbitrary commands on the targeted device. Weintek has released patches for the affected products. While an attacker can launch a denial-of-service attack without special permissions, executing arbitrary commands requires the HMI's password. This is not the first time vulnerabilities have been found in Weintek products by TXOne researchers.